Broadcom has just released a security update to address a critical vulnerability in VMware Tools for Windows. The flaw, classified as an authentication bypass vulnerability, can be exploited by attackers to escalate privileges within a virtual machine.
VMware Tools comprises utilities and drivers designed to enhance virtual machine compatibility, graphics rendering, system performance, and host-guest integration—ultimately enabling more seamless interaction with virtualized environments.
Tracked as CVE-2025-22230, the vulnerability stems from improper access control and was disclosed by Sergey Bliznyuk, a security researcher at Positive Technologies. Interestingly, Positive Technologies is a Russian cybersecurity firm previously sanctioned by the United States for allegedly trafficking in hacking tools—raising questions about the motivations behind the disclosure.
According to Bliznyuk, a local attacker with limited privileges can exploit this vulnerability through a low-complexity attack that requires no user interaction, enabling the execution of high-privilege operations within a vulnerable virtual machine.
Earlier this month, Broadcom also patched three VMware zero-day vulnerabilities—CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226—discovered by Microsoft’s Threat Intelligence Center. Data from Microsoft indicates that these flaws had already been weaponized by malicious actors. With administrator or root-level access, attackers could exploit them to escape virtual machine sandboxes, posing a severe security risk.
While these vulnerabilities are unlikely to affect most home users in a significant way, it remains essential to promptly apply updates to VMware and VMware Tools to mitigate exposure to known threats.